Menu
Browse

Cyber Threat Actor: Department of Peace

Actor Type Location Known Incidents
 Icon
Activist
1 incident
Profile

The threat actor known as “Department of Peace” is a hacktivist group that publicly claimed responsibility for compromising the U.S. Department of Homeland Security in March 2026. The group targeted the Office of Industry Partnership, exfiltrating and publishing detailed contract data involving over 6,000 private companies, including defense contractors such as Anduril, L3Harris, Raytheon, and technology firms like Palantir, Microsoft, Oracle, SAIC, and Underwriters Laboratories. The leaked information included contractor names, award amounts up to $70 million, and personal contact details, which were later organized into a searchable public database by an external security researcher. The group explicitly cited federal immigration enforcement actions and the treatment of peaceful protesters as motivations, accusing the implicated companies of enabling what they described as inhumane policies. No other aliases or operational identities have been publicly associated with this group.

The targeting was narrowly focused on U.S. federal agencies and their private-sector contractors involved in immigration enforcement and national security infrastructure. There is no evidence of targeting outside the United States or beyond the scope of government-contracted entities. The group’s strategic objective was not financial gain, espionage, or traditional cyber sabotage, but rather public disruption and moral condemnation through transparency. No malware families, initial access vectors, or specific tooling were referenced in the incident report; the breach method remains unconfirmed. Attribution to any state sponsor, criminal organization, or broader network has not been established or publicly asserted. The group’s actions were self-declared and contained no indicators of coordination with known threat actors or infrastructure reuse from other campaigns. The operation relied on the public release of data rather than destructive payloads or persistent access, suggesting a preference for symbolic impact over technical complexity. No further operations have been attributed to “Department of Peace” beyond this single incident. The group did not claim responsibility for any other breaches, nor was any infrastructure, domain, or communication channel linked to them beyond the initial public statement. The lack of technical detail in the disclosure and the absence of follow-up activity indicate a singular, mission-driven campaign rather than an ongoing operational entity. Neither the Department of Homeland Security nor any of the implicated companies confirmed the breach or provided technical analysis, leaving the full scope and method of compromise unverified by official sources.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources